General
- Target: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2
- Size: 881KB
- Sample: 221124-3my4dsba9v
- MD5: 0e2799a3e9f835c79364929ebd42f5d0
- SHA1: bf5b89513999a41be64b0c1cf4062d918d931bd7
- SHA256: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2
- SHA512: 8f73efd382a91312db15483f4251816ce47750f21c714af67bfd3faba11b8493c412c9326e48a68a7d52c4ecf125bf8837dfbc4615d56ef03378a923f1f3fc93
- SSDEEP: 12288:CpRZPGFMuMnXRME1YOyGJBtquBWVbYmcCNT6bKiS9FT6Jwds/:MZPGN8hMZFuynY7CUbu9FWwd6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2.exe
  - Resource: win10v2004-20220812-en
Malware Config

Targets
- Target: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2
- Size: 881KB
- MD5: 0e2799a3e9f835c79364929ebd42f5d0
- SHA1: bf5b89513999a41be64b0c1cf4062d918d931bd7
- SHA256: 76656de28ec734c397c1d50f7bd61f1fd0f73f08b73af0f87c2a7bb2013cb5c2
- SHA512: 8f73efd382a91312db15483f4251816ce47750f21c714af67bfd3faba11b8493c412c9326e48a68a7d52c4ecf125bf8837dfbc4615d56ef03378a923f1f3fc93
- SSDEEP: 12288:CpRZPGFMuMnXRME1YOyGJBtquBWVbYmcCNT6bKiS9FT6Jwds/:MZPGN8hMZFuynY7CUbu9FWwd6
- Score: 10/10
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext